From 92005e41b3aad081e2d1d2aee7a847c249e90c29 Mon Sep 17 00:00:00 2001 From: Maximilian Kolb Date: Fri, 14 Jun 2024 10:48:07 +0200 Subject: [PATCH] Add procedure to sync Ubuntu ESM content --- guides/common/assembly_importing-content.adoc | 2 + ...expanded-security-maintenance-content.adoc | 77 +++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 guides/common/modules/proc_synchronizing-ubuntu-expanded-security-maintenance-content.adoc diff --git a/guides/common/assembly_importing-content.adoc b/guides/common/assembly_importing-content.adoc index b5608dfc65..ca85877d57 100644 --- a/guides/common/assembly_importing-content.adoc +++ b/guides/common/assembly_importing-content.adoc @@ -153,6 +153,8 @@ include::modules/proc_adding-upstream-repositories-for-deb.adoc[leveloffset=+1] :DL: {parent-DL} :!parent-DL: +include::modules/proc_synchronizing-ubuntu-expanded-security-maintenance-content.adoc[leveloffset=+1] + include::modules/proc_changing-the-repository-sets-status-for-a-host-in-project.adoc[leveloffset=+1] endif::[] diff --git a/guides/common/modules/proc_synchronizing-ubuntu-expanded-security-maintenance-content.adoc b/guides/common/modules/proc_synchronizing-ubuntu-expanded-security-maintenance-content.adoc new file mode 100644 index 0000000000..bf33d671d4 --- /dev/null +++ b/guides/common/modules/proc_synchronizing-ubuntu-expanded-security-maintenance-content.adoc @@ -0,0 +1,77 @@ +[id="Synchronizing-Ubuntu-Expanded-Security-Maintenance-content_{context}"] += Synchronizing Ubuntu Expanded Security Maintenance content + +Canonical provides Ubuntu https://ubuntu.com/security/esm[Expanded Security Maintenance] (ESM) repositories to their paying customers. +In {Project}, synchronize ESM repositories from Canonical to distribute content to your hosts running Ubuntu 14.04 and Ubuntu 16.04. + +[IMPORTANT] +==== +Providing https://ubuntu.com/security/esm[Ubuntu ESM] repositories to hosts running Ubuntu 14.04 or 16.04 requires a subscription from Canonical. +Ensure to provide valid licenses for all used Canonical products. +Using insufficient, invalid, or otherwise inadequate licenses might violate your terms with Canonical. +==== + +.Procedure +. On a host running Ubuntu 14.04 or 16.04, attach your subscription and extract repository information: +.. Install `ubuntu-advantage-tools` on a host running Ubuntu 14.04 or 16.04: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# apt-get install ubuntu-advantage-tools +---- +.. Register your host with Canonical: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# ua attach _ABCDEF0123456789_ +---- ++ +Use your subscription token from https://canonical.com/[canonical.com]. +.. Extract the `Upstream URL`, `Releases`, `Components`, and `Architectures` from the ESM repository: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# cat /etc/apt/sources.list.d/ubuntu-esm-infra.list +---- +.. Extract user name and password: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# cat /etc/apt/auth.conf.d/90ubuntu-advantage +---- +. Add GPG public key to {Project}: +.. In the {ProjectWebUI}, navigate to *Content* > *Content Credentials*. +.. Click *Create Content Credential*. +.. Enter a name and the GPG public key for Ubuntu. ++ +Ensure to use ASCII-armored GPG keys. +Convert the key if necessary: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# gpg --import ubuntu-advantage-esm-infra-trusty.gpg +# gpg --export --armor 4067E40313CB4B13 +---- +.. Click *Save* to save your content credential to {Project}. +. Create a product and repository: +.. Navigate to *Content* > *Products*. +.. Click *Create Product*. +... Enter a *Name*, select the previously imported GPG public key, and, optionally, add a sync plan and description. +... Click *Save* to save the product to {Project}. +.. Navigate to *Content* > *Products*. +.. Select the previously created product. +.. Click *New Repository*. +... Enter a *Name* and select type `deb`. +... Enter the *Upstream URL*, *Releases*, *Components*, and *Architectures* as extracted from your host from `/etc/apt/sources.list.d/ubuntu-esm-infra.list`. +... Enter the *Upstream Username* and *Upstream Password* as extracted from your host from `/etc/apt/auth.conf.d/90ubuntu-advantage`. +ifdef::orcharhino[] +... Enter *Errata URL*: `\https://dep.atix.de/dep/api/v1/ubuntu-esm`. +endif::[] +... Click *Save* to save your repository to {Project}. +. Synchronize your product. +.. Navigate to *Content* > *Products*. +.. Select the previously created product. +.. In the *Actions* menu, select *Sync Now*. + +.Next steps +* Distribute and manage your content as you manage other Deb content.